Merge changes from topic "presubmit-am-ba0ca280754b426bbc91a336347cfd0d" into tm-mainline-prod

import android.net.PrivateDnsConnectivityChecker;

import android.net.ProxyInfo;

import android.net.Uri;

import android.net.wifi.WifiSsid;

import android.nfc.NfcAdapter;

import android.os.Binder;

import android.os.Build;

import java.lang.annotation.RetentionPolicy;

import java.net.InetSocketAddress;

import java.net.Proxy;

import java.nio.charset.StandardCharsets;

import java.security.KeyFactory;

import java.security.KeyPair;

import java.security.NoSuchAlgorithmException;

     */

    public void setWifiSsidPolicy(@Nullable WifiSsidPolicy policy) {

        throwIfParentInstance("setWifiSsidPolicy");

        if (mService != null) {

            try {

                if (policy == null) {

                    mService.setSsidAllowlist(new ArrayList<>());

                } else {

                    int policyType = policy.getPolicyType();

                    List<String> ssidList = new ArrayList<>();

                    for (WifiSsid ssid : policy.getSsids()) {

                        ssidList.add(new String(ssid.getBytes(), StandardCharsets.UTF_8));

                    }

                    if (policyType == WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_ALLOWLIST) {

                        mService.setSsidAllowlist(ssidList);

                    } else {

                        mService.setSsidDenylist(ssidList);

                    }

        if (mService == null) {

            return;

        }

        try {

            mService.setWifiSsidPolicy(policy);

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        }

        }

    }

    /**

            return null;

        }

        try {

            List<String> allowlist = mService.getSsidAllowlist();

            if (!allowlist.isEmpty()) {

                List<WifiSsid> wifiSsidAllowlist = new ArrayList<>();

                for (String ssid : allowlist) {

                    wifiSsidAllowlist.add(

                            WifiSsid.fromBytes(ssid.getBytes(StandardCharsets.UTF_8)));

                }

                return new WifiSsidPolicy(WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_ALLOWLIST,

                        new ArraySet<>(wifiSsidAllowlist));

            }

            List<String> denylist = mService.getSsidDenylist();

            if (!denylist.isEmpty()) {

                List<WifiSsid> wifiSsidDenylist = new ArrayList<>();

                for (String ssid : denylist) {

                    wifiSsidDenylist.add(

                            WifiSsid.fromBytes(ssid.getBytes(StandardCharsets.UTF_8)));

                }

                return new WifiSsidPolicy(WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_DENYLIST,

                        new ArraySet<>(wifiSsidDenylist));

            }

            return mService.getWifiSsidPolicy();

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        }

        return null;

    }

    /**

import android.app.admin.FactoryResetProtectionPolicy;

import android.app.admin.ManagedProfileProvisioningParams;

import android.app.admin.FullyManagedDeviceProvisioningParams;

import android.app.admin.WifiSsidPolicy;

import android.content.ComponentName;

import android.content.Intent;

import android.content.IntentFilter;

    void setMinimumRequiredWifiSecurityLevel(int level);

    int getMinimumRequiredWifiSecurityLevel();

    void setSsidAllowlist(in List<String> ssids);

    List<String> getSsidAllowlist();

    void setSsidDenylist(in List<String> ssids);

    List<String> getSsidDenylist();

    void setWifiSsidPolicy(in WifiSsidPolicy policy);

    WifiSsidPolicy getWifiSsidPolicy();

    List<UserHandle> listForegroundAffiliatedUsers();

    void setDrawables(in List<DevicePolicyDrawableResource> drawables);

import java.lang.annotation.Retention;

import java.lang.annotation.RetentionPolicy;

import java.util.Objects;

import java.util.Set;

/**

        dest.writeArraySet(mSsids);

    }

    @Override

    public boolean equals(Object thatObject) {

        if (this == thatObject) {

            return true;

        }

        if (!(thatObject instanceof WifiSsidPolicy)) {

            return false;

        }

        WifiSsidPolicy that = (WifiSsidPolicy) thatObject;

        return mPolicyType == that.mPolicyType && Objects.equals(mSsids, that.mSsids);

    }

    @Override

    public int hashCode() {

        return Objects.hash(mPolicyType, mSsids);

    }

    @Override

    public int describeContents() {

        return 0;

import static android.app.admin.DevicePolicyManager.NEARBY_STREAMING_SAME_MANAGED_ACCOUNT_ONLY;

import static android.app.admin.DevicePolicyManager.PASSWORD_COMPLEXITY_NONE;

import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED;

import static android.app.admin.WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_ALLOWLIST;

import static android.app.admin.WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_DENYLIST;

import static com.android.server.devicepolicy.DevicePolicyManagerService.LOG_TAG;

import android.app.admin.FactoryResetProtectionPolicy;

import android.app.admin.PasswordPolicy;

import android.app.admin.PreferentialNetworkServiceConfig;

import android.app.admin.WifiSsidPolicy;

import android.graphics.Color;

import android.net.wifi.WifiSsid;

import android.os.Bundle;

import android.os.PersistableBundle;

import android.os.UserHandle;

import org.xmlpull.v1.XmlPullParserException;

import java.io.IOException;

import java.nio.charset.StandardCharsets;

import java.util.ArrayList;

import java.util.Collection;

import java.util.Collections;

import java.util.Map;

import java.util.Set;

import java.util.function.Predicate;

import java.util.stream.Collectors;

class ActiveAdmin {

    private static final String TAG_DISABLE_KEYGUARD_FEATURES = "disable-keyguard-features";

    // List of package names to keep cached.

    List<String> keepUninstalledPackages;

    // The allowlist of SSIDs the device may connect to.

    // By default, the allowlist restriction is deactivated.

    List<String> mSsidAllowlist;

    // The denylist of SSIDs the device may not connect to.

    // By default, the denylist restriction is deactivated.

    List<String> mSsidDenylist;

    // Wi-Fi SSID restriction policy.

    WifiSsidPolicy mWifiSsidPolicy;

    // TODO: review implementation decisions with frameworks team

    boolean specifiesGlobalProxy = false;

        if (mWifiMinimumSecurityLevel != DevicePolicyManager.WIFI_SECURITY_OPEN) {

            writeAttributeValueToXml(out, TAG_WIFI_MIN_SECURITY, mWifiMinimumSecurityLevel);

        }

        if (mSsidAllowlist != null && !mSsidAllowlist.isEmpty()) {

            writeAttributeValuesToXml(out, TAG_SSID_ALLOWLIST, TAG_SSID, mSsidAllowlist);

        if (mWifiSsidPolicy != null) {

            List<String> ssids = ssidsToStrings(mWifiSsidPolicy.getSsids());

            if (mWifiSsidPolicy.getPolicyType() == WIFI_SSID_POLICY_TYPE_ALLOWLIST) {

                writeAttributeValuesToXml(out, TAG_SSID_ALLOWLIST, TAG_SSID, ssids);

            } else if (mWifiSsidPolicy.getPolicyType() == WIFI_SSID_POLICY_TYPE_DENYLIST) {

                writeAttributeValuesToXml(out, TAG_SSID_DENYLIST, TAG_SSID, ssids);

            }

        }

        if (mSsidDenylist != null && !mSsidDenylist.isEmpty()) {

            writeAttributeValuesToXml(out, TAG_SSID_DENYLIST, TAG_SSID, mSsidDenylist);

    }

    private List<String> ssidsToStrings(Set<WifiSsid> ssids) {

        return ssids.stream()

                .map(ssid -> new String(ssid.getBytes(), StandardCharsets.UTF_8))

                .collect(Collectors.toList());

    }

    void writeTextToXml(TypedXmlSerializer out, String tag, String text) throws IOException {

            } else if (TAG_WIFI_MIN_SECURITY.equals(tag)) {

                mWifiMinimumSecurityLevel = parser.getAttributeInt(null, ATTR_VALUE);

            } else if (TAG_SSID_ALLOWLIST.equals(tag)) {

                mSsidAllowlist = new ArrayList<>();

                readAttributeValues(parser, TAG_SSID, mSsidAllowlist);

                List<WifiSsid> ssids = readWifiSsids(parser, TAG_SSID);

                mWifiSsidPolicy = new WifiSsidPolicy(

                        WIFI_SSID_POLICY_TYPE_ALLOWLIST, new ArraySet<>(ssids));

            } else if (TAG_SSID_DENYLIST.equals(tag)) {

                mSsidDenylist = new ArrayList<>();

                readAttributeValues(parser, TAG_SSID, mSsidDenylist);

                List<WifiSsid> ssids = readWifiSsids(parser, TAG_SSID);

                mWifiSsidPolicy = new WifiSsidPolicy(

                        WIFI_SSID_POLICY_TYPE_DENYLIST, new ArraySet<>(ssids));

            } else {

                Slogf.w(LOG_TAG, "Unknown admin tag: %s", tag);

                XmlUtils.skipCurrentTag(parser);

        }

    }

    private List<WifiSsid> readWifiSsids(TypedXmlPullParser parser, String tag)

            throws XmlPullParserException, IOException {

        List<String> ssidStrings = new ArrayList<>();

        readAttributeValues(parser, tag, ssidStrings);

        List<WifiSsid> ssids = ssidStrings.stream()

                .map(ssid -> WifiSsid.fromBytes(ssid.getBytes(StandardCharsets.UTF_8)))

                .collect(Collectors.toList());

        return ssids;

    }

    private List<String> readPackageList(TypedXmlPullParser parser,

            String tag) throws XmlPullParserException, IOException {

        List<String> result = new ArrayList<String>();

        pw.print("mWifiMinimumSecurityLevel=");

        pw.println(mWifiMinimumSecurityLevel);

        if (mWifiSsidPolicy != null) {

            if (mWifiSsidPolicy.getPolicyType() == WIFI_SSID_POLICY_TYPE_ALLOWLIST) {

                pw.print("mSsidAllowlist=");

        pw.println(mSsidAllowlist);

            } else {

                pw.print("mSsidDenylist=");

        pw.println(mSsidDenylist);

            }

            pw.println(ssidsToStrings(mWifiSsidPolicy.getSsids()));

        }

        if (mFactoryResetProtectionPolicy != null) {

            pw.println("mFactoryResetProtectionPolicy:");

import android.net.VpnManager;

import android.net.metrics.IpConnectivityLog;

import android.net.wifi.WifiManager;

import android.net.wifi.WifiSsid;

import android.os.Binder;

import android.os.Build;

import android.os.Bundle;

import java.io.IOException;

import java.io.PrintWriter;

import java.lang.reflect.Constructor;

import java.nio.charset.StandardCharsets;

import java.security.cert.CertificateException;

import java.security.cert.CertificateFactory;

import java.security.cert.X509Certificate;

                        .notifyMinimumRequiredWifiSecurityLevelChanged(level));

    }

    private void notifyWifiSsidPolicyChanged(int policyType, List<String> ssids) {

        List<WifiSsid> wifiSsidList = new ArrayList<>();

        for (String ssid : ssids) {

            wifiSsidList.add(

                    WifiSsid.fromBytes(ssid.getBytes(StandardCharsets.UTF_8)));

    private void notifyWifiSsidPolicyChanged(WifiSsidPolicy policy) {

        if (policy == null) {

            // If policy doesn't limit SSIDs, no need to disconnect anything.

            return;

        }

        WifiSsidPolicy policy = new WifiSsidPolicy(policyType, new ArraySet<>(wifiSsidList));

        mInjector.binderWithCleanCallingIdentity(

                () -> mInjector.getWifiManager().notifyWifiSsidPolicyChanged(policy));

    }

    }

    @Override

    public void setSsidAllowlist(List<String> ssids) {

        final CallerIdentity caller = getCallerIdentity();

        Preconditions.checkCallAuthorization(

                isDefaultDeviceOwner(caller) || isProfileOwnerOfOrganizationOwnedDevice(caller),

                "SSID allowlist can only be controlled by a device owner or "

                        + "a profile owner on an organization-owned device.");

        Collections.sort(ssids);

        boolean changed = false;

        synchronized (getLockObject()) {

            final ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller);

            if (!ssids.equals(admin.mSsidAllowlist)) {

                admin.mSsidAllowlist = ssids;

                admin.mSsidDenylist = null;

                changed = true;

            }

            if (changed) saveSettingsLocked(caller.getUserId());

        }

        if (changed && !ssids.isEmpty()) {

            notifyWifiSsidPolicyChanged(WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_ALLOWLIST, ssids);

        }

    }

    @Override

    public List<String> getSsidAllowlist() {

    public WifiSsidPolicy getWifiSsidPolicy() {

        final CallerIdentity caller = getCallerIdentity();

        Preconditions.checkCallAuthorization(

                isDefaultDeviceOwner(caller) || isProfileOwnerOfOrganizationOwnedDevice(caller)

                        || canQueryAdminPolicy(caller),

                "SSID allowlist can only be retrieved by a device owner or "

                "SSID policy can only be retrieved by a device owner or "

                        + "a profile owner on an organization-owned device or "

                        + "an app with the QUERY_ADMIN_POLICY permission.");

        synchronized (getLockObject()) {

            final ActiveAdmin admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked(

                    UserHandle.USER_SYSTEM);

            return (admin == null || admin.mSsidAllowlist == null) ? new ArrayList<>()

                    : admin.mSsidAllowlist;

            return admin != null ? admin.mWifiSsidPolicy : null;

        }

    }

    @Override

    public void setSsidDenylist(List<String> ssids) {

    public void setWifiSsidPolicy(WifiSsidPolicy policy) {

        final CallerIdentity caller = getCallerIdentity();

        Preconditions.checkCallAuthorization(

                isDefaultDeviceOwner(caller) || isProfileOwnerOfOrganizationOwnedDevice(caller),

                "SSID denylist can only be controlled by a device owner or "

                        + "a profile owner on an organization-owned device.");

        Collections.sort(ssids);

        boolean changed = false;

        synchronized (getLockObject()) {

            final ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller);

            if (!ssids.equals(admin.mSsidDenylist)) {

                admin.mSsidDenylist = ssids;

                admin.mSsidAllowlist = null;

            if (!Objects.equals(policy, admin.mWifiSsidPolicy)) {

                admin.mWifiSsidPolicy = policy;

                changed = true;

            }

            if (changed) saveSettingsLocked(caller.getUserId());

        }

        if (changed) {

            notifyWifiSsidPolicyChanged(WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_DENYLIST, ssids);

        }

    }

    @Override

    public List<String> getSsidDenylist() {

        final CallerIdentity caller = getCallerIdentity();

        Preconditions.checkCallAuthorization(

                isDefaultDeviceOwner(caller) || isProfileOwnerOfOrganizationOwnedDevice(caller)

                        || canQueryAdminPolicy(caller),

                "SSID denylist can only be retrieved by a device owner or "

                        + "a profile owner on an organization-owned device or "

                        + "an app with the QUERY_ADMIN_POLICY permission.");

        synchronized (getLockObject()) {

            final ActiveAdmin admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked(

                    UserHandle.USER_SYSTEM);

            return (admin == null || admin.mSsidDenylist == null) ? new ArrayList<>()

                    : admin.mSsidDenylist;

            notifyWifiSsidPolicyChanged(policy);

        }

    }